Sharp Corporation (hereinafter referred to as "the Company") discloses the handling of vulnerability information discovered inside and outside the company as follows, so that customers can use our products with peace of mind.
(Note) A "vulnerability" is an information security defect caused by a program defect or design error in a digital product's OS or software. This is different from damage or physical defects in the product itself.
Collecting vulnerability information
We collect vulnerability information widely from inside and outside the company. If you discover a vulnerability in our products, please contact the coordinating organization (JPCERT/CC*1, etc.) or contact our vulnerability countermeasure contact below.
SHARP Product Vulnerability Reception Desk
If you contact the coordinating body, we will respond in cooperation with the coordinating body in accordance with the "Information Security Early Warning Partnership Guidelines"*2. If you contact our office, after confirming receipt, we will reply that we have received it within 5 business days in principle (excluding long holidays such as summer and year-end and New Year holidays).
Vulnerability investigation and countermeasures
Regarding the vulnerability of the product you contacted, the design and development department of the product will check the scope and severity of the impact, and take appropriate measures in cooperation with the coordinating organization as necessary. We will notify the finder accordingly until the response is completed.
After confirming receipt, information will be exchanged by e-mail, but since it contains sensitive information such as customer information and vulnerability information, please contact us by encrypting with the PGP public key prepared by our company.
Vulnerability Disclosure
As soon as the countermeasures for vulnerabilities in our products are completed, we will coordinate the schedule with the coordinating organization and publish the countermeasure information on the relevant website of the coordinating organization and our support page for the product.